I believe that Brad Wood has made the case for that with his aforementioned
blog post.
Emmit

On Thu, Jul 16, 2009 at 8:48 PM, James Holmes <james.hol...@gmail.com> wrote:

>
> Can you provide examples?
>
> mxAjax / CFAjax docs and other useful articles:
> http://www.bifrost.com.au/blog/
>
> 2009/7/17 Emmit Larson <emmit.lar...@gmail.com>:
> >
> >>> CFQUERYPARAM will prevent all SQL injection attacks
> >
> > This is demonstrably false. Semantics, arguments and opinions aside,
> > spreading misinformation like this is irresponsible. An attack can be made
> > to inject SQL on a CF application using CFQuery that cannot be prevented
> > with cfqueryparam. To paraphrase Uncle Bill, "...it must follow, as the
> > night the day, thou canst not then prevent a SQL injection
> > attack with cfqueryparam".
>
> 

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324617